One of the wildest stories of the year was the day some of the most-followed Twitter accounts on the planet posted cryptocurrency scams because of a massive unprecedented hack.
Elon Musk was the first hacked account most people noticed. “I’m feeling generous because of COVID-19,” a now-deleted 4:17PM ET tweet said. “I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!” The tweet also included an address where people could send bitcoin. But because Twitter scammers regularly use Musk’s name and image to post cryptocurrency scams, it was hard to tell if the tweet was just Musk mocking them.
It quickly became clear that, yes, Musk was hacked, and it wasn’t just him. The company accounts of Coinbase, Gemini, and Binance had posted suspicious tweets shortly before Musk did. Then a deluge of tweets appeared: Apple, Barack Obama, Bill Gates, Floyd Mayweather, Jeff Bezos, Joe Biden, Kanye West, Michael Bloomberg, Uber, Warren Buffett, Wiz Khalifa, and others all posted tweets like Musk’s in short order. Some accounts posted multiple tweets while under the hackers’ control.
Presumably, many of these accounts are protected by things like two-factor authentication and strong passwords that would make them very hard to break into. The fact that they were all posting the scam suggested that the attackers had access to some kind of internal Twitter tool to bypass that security — and Twitter confirmed that was the case later that evening.
Notably, President Donald Trump’s account wasn’t co-opted to post the scheme. Since we live in a world where Trump can move markets and make international headlines with one 280-character missive on Twitter, it’s likely a good thing that his account wasn’t taken over. While we don’t know if the hackers even attempted to tweet as Trump, his account reportedly has extra protections that may have prevented an intrusion.
The chaos was funny, in its way. For a little while, it appeared that Twitter had stopped verified accounts from posting new tweets. That meant The Verge and the majority of our staff weren’t able to tweet, so we briefly relied on former Verge staffer Casey Newton’s unverified wrestling-focused Twitter account (which currently has 207 followers) to share updates about the attack. Other unverified accounts filled our timelines with jokes about a world free of blue checkmarks:
the blue checks can’t post, it’s time for the proletariat revolution on twitter dot com
— zoë o (@zoenone0none) July 15, 2020
About two weeks after the hack, it became clear that this was the work of a teenager. Three people were charged for the attack on July 31st, including a 17-year-old from Florida who authorities claimed was the “mastermind” of the operation. A 16-year-old from…